|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] Re: What is more secure? HVM or PV ?
For PV:
The explicit hypercall API would be one possible attack vector - exploiting
any bugs in Xen. The memory mapping interface could also be an attack vector
(including both the paravirtualised and various shadowing code paths).
PV also could be attacked in principle via the frontend / backend drivers - if
the backend driver could be compromised and made to execute arbitrary code
(or even write abitrary code to dom0's filesystem / swapfile for later
executation) then it would be possible to take over the whole machine.
The PV components have been in place for longer and have probably received
more scrutiny. The HVM components are rather complex and have received, I
think, less eyeballing. I'd guess (and it is really a guess) that I'd have
more confidence in PV from a security point of view, but that's definitely
not to say that there's anything specifically *wrong* with the HVM code, just
that it's less mature.
I agree, I think that because the PV API is also exposed to HVMs
(PV-on-HVM), we can conclude that HVMs are theoretically less secure,
becuase they have more attack vectors.
David.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|